PCI Blog - Compliance Series: Part Three

Posted Friday, September 14th, 2007
Categories: PCI.

In the first two blog posts we identified the Payment Card Industry Data Security Standard, who needs to comply, why, and how to get information. My search for PCI information has led me to numerous news pages and blogs, and recently I discovered several podcasts that touch on the subject, feature industry experts or offer advice.

Many vendors are positioning their products as compliance offerings, but when should you focus on fine-tuning your existing architecture and when is it time to buy? And when it is time, what should you keep in mind?

This podcast will count down the top five questions that you should ask when preparing to make a compliance-related purchase. [SearchCIO]

The “Top 5 Questions to Ask When Shopping for Compliance Products” podcast asks:

  • What areas of compliance does the product help to address and what successes have customers had with the product?
  • Does the product scale?
  • Can the product be secure?
  • How does it integrate with other products and activities?
  • How much work and time will it take for the organization to realize the benefits of the product?

Another podcast series, ‘Speaking of Security’, mostly features computer security but has special episodes focusing on PCI.

Speaking of PCI. This podcast focuses on the Payment Card Industry Data Security Standard: what it is and how it’s driving companies to adopt lifecycle information-centric security strategies to comply with other regulations and to implement industry best practices in terms of Enterprise Data Protection. [RSAPodcast]

Gartner Voice - ‘a podcast for business and IT professionals’ - also offers up some helpful tips on compliance in an episode from April 2006.

The Payment Card Industry (PCI) Data Security Standard was created in 2001 yet the card-accepting industry still struggles to demonstrate compliance with it, let alone protect cardholder data in many cases. Learn what steps your organization can take to cope with the growing need for compliance.

And finally, I found this link via the Forbes website - Configuresoft’s Sound Advice podcast series titled, “PCI DSS State of the Union.”

In the first podcast of a three-part series, Chris Farrow, director of Configuresoft’s Center for Policy and Compliance and Co-founder of the PCI Security Vendor Alliance, provides an overview of the current state of PCI DSS compliance in the enterprise: what’s working, what’s not and where the standard is heading. [Forbes][ConfiguresoftPodcast]

No matter the size of your company or the number of transactions processed, this standard will affect all merchants who accept credit or debit cards in any way, shape or form. Feel free to share thoughts, links and ideas for the next installment of this PCI blog series, which will touch on implementation, in the comments section below.

For more information from E-xact about PCI DSS, keep an eye on our PCI Blog or visit our About Page for links and information.

E-xact Transactions Ltd. has been fully compliant with the industry since 2004.
[About - E-xact]

PCI Basics: